XSS Vulnerability in D-Link DIR Series Routers
CVE-2018-6528

6.1 MEDIUM

Key Information:

Vendor: D-Link
CVE Published: 6 March 2018

Summary

An XSS vulnerability exists in the D-Link DIR-868L, DIR-865L, and DIR-860L routers and can be exploited by remote attackers through SOAP requests. By manipulating the receiver parameter in a crafted request, attackers can read sensitive cookies, potentially compromising user sessions and sensitive data. This vulnerability highlights the need for timely firmware updates to mitigate security risks.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
